Fault Lines Podcast - The Solarium and the Private Sector with Ron Gula & Megan Brown





Fault Lines welcomes Ron Gula, NSI Advisory Board member and President of Gula Tech Adventures, and Megan Brown, NSI Senior Fellow and Partner at Wiley Rein LLP to discuss the recent Cyberspace Solarium Report. How will the Cyberspace Solarium Report impact the private sector? Why did the report punt on the encryption debate? Does any of this actually get implemented? Ron, Megan, and Fault Lines Host Les Munson answer these questions and many more on this week’s episode of Fault Lines!







Read More…

Cyberspace Solarium Take Aways 



The United States Cyberspace Solarium Commission released its report on March 11, 2020. The report recommends a wide variety of strategies and proposed cyberspace legislation. I really agreed with most of the report, such as more resources for CISA and Cyber Command or tasking NIST with efforts to make cyber insurance easier. This blog is about what I found really interesting and what I liked in the report, namely vulnerability liability, a US population smarter about cyberspace, and increased support for elections on a near equal footing with critical infrastructure.
Read More…

What is the Cyber equivalent of physical displays of military strength?

Many times in our history, the United States has deployed a carrier battle group as a sign of strength and projection of power. An aircraft carrier is recognizable by most of the world and can be very intimidating if you are potentially on the receiving end of its payload of missiles and aircraft. Similarly, the United States has also conducted joint military exercises with allies and deployed squadrons of combat aircraft at times of stress. These actions can escalate tensions, but can also show strength and resolve during times of diplomatic negotiations. We project our power in the air, on land and in the sea – are there methods we could be using in cyberspace?
Read More…

The Cyber Poverty Line


I recently had the chance to participate in my third “Cyber Moonshot” session. During a brainstorming session on how to increase the cost of performing cyber attacks by 100x, Andrew Wild mentioned the concept of the “Cyber Poverty Line”. This concept made it into our final group brief to the larger session, and several Moonshot participants mentioned to me they liked the concept, which led to this blog.
Read More…

Cyber and CyberSecurity is a Team Sport


Cyber has an identity crisis. Most people think it is someone else’s problem. The reality is cyber is all of our issues. It is personal. But the challenge is how do we engage people to understand they have a role to play. Read More…

Deep Thoughts on Enterprise Cyber Risk


Fake Risk Graphs generated from http://sporkforge.com


I started writing this blog right after the release of Senator Warren’s report on Equifax and completely failed. I tried to pack every relevant anecdote I had experienced while meeting cyber risk companies, being CEO of Tenable, running an intrusion detection company and being a penetration tester.

Read More…

A Simple Case for more Maryland and Mid-Atlantic cyber product companies

Earlier this year I was asked to serve on the steering committee of Governor Larry Hogan’s Excel Maryland Initiative. The initiative focuses on the development of a unique partnership of the private sector, public sector, and academia to craft a plan to support economic growth through the advanced industries, such as cyber security and life sciences, in Maryland. Having worked at the NSA and a number of cyber services and product companies, including Tenable Network Security and having made the switch to being a cyber-security start-up investor, I had a lot to say on this subject.
Read More…

What is your reason for not patching MS17–010 — the main vulnerability behind WannaCry?

On April 14, 2017, Shadow Brokers released information about an exploit tool written by the NSA called Eternal Blue. This tool exploited a zero day in Microsoft Windows covered by their MS17–010 update. The patch preceded the disclosure, as Microsoft issued MS17–010 on March 14, 2017. The WannaCry worm first got heavily noticed on Friday, May 12, 2017.
Read More…

DHS and Cyber Security Readiness


(Cover artwork from Senator Coburn’s report on DHS)

A report from Senator Tom Coburn about the Department of Homeland Security details a variety of concerns about the organization’s ability to counter cyber attacks. ZDNet wrote an unflattering article about the cyber shortcomings with the headline “New Report: DHS is a mess of cybersecurity incompetence”. The main points of the article are:

Read More…

CERT’s Blacklist Ecosystem Analysis: 2016 Update

If you are not aware of CERT’s work in tracking the “IOC”, “threat sharing” and “threat feed” space, I highly suggest you take a look at their most recent update to the Blacklist Ecosystem Analysis paper.
Read More…